[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   12.963427] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.974783] random: sshd: uninitialized urandom read (32 bytes read)
[   17.140902] random: sshd: uninitialized urandom read (32 bytes read)
[   17.886363] random: sshd: uninitialized urandom read (32 bytes read)
[   64.295107] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
[   69.791822] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 21:04:03 parsed 1 programs
2018/04/25 21:04:03 executed programs: 0
[   70.194484] IPVS: Creating netns size=2536 id=1
2018/04/25 21:04:08 executed programs: 698
2018/04/25 21:04:13 executed programs: 1377
2018/04/25 21:04:18 executed programs: 2031
2018/04/25 21:04:23 executed programs: 2721
2018/04/25 21:04:28 executed programs: 3409
2018/04/25 21:04:33 executed programs: 4078
2018/04/25 21:04:38 executed programs: 4729
2018/04/25 21:04:43 executed programs: 5411
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
2018/04/25 21:04:48 executed programs: 6071
2018/04/25 21:04:53 executed programs: 6717
2018/04/25 21:04:58 executed programs: 7382
[  127.664399] ==================================================================
[  127.671830] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[  127.678208] Read of size 8 at addr ffff8801d8f9f820 by task syz-executor0/25564
[  127.685647]
[  127.687250] CPU: 0 PID: 25564 Comm: syz-executor0 Not tainted 4.9.96-g8c01d00 #8
[  127.694757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  127.704089]  ffff8801d7d0f770 ffffffff81eb0b69 ffffea000763e7c0 ffff8801d8f9f820
[  127.712110]  0000000000000000 ffff8801d8f9f828 ffff8801d7d0f8a8 ffff8801d7d0f7a8
[  127.720095]  ffffffff8156540b ffff8801d8f9f820 0000000000000008 0000000000000000
[  127.728097] Call Trace:
[  127.730666]  [] dump_stack+0xc1/0x128
[  127.736018]  [] print_address_description+0x6c/0x234
[  127.742663]  [] kasan_report.cold.6+0x242/0x2fe
[  127.748881]  [] ? __unwind_start+0x37c/0x3c0
[  127.754837]  [] __asan_report_load8_noabort+0x14/0x20
[  127.761583]  [] __unwind_start+0x37c/0x3c0
[  127.767356]  [] ? ptrace_may_access+0x24/0x50
[  127.773388]  [] __save_stack_trace+0x59/0xf0
[  127.780893]  [] save_stack_trace_tsk+0x48/0x70
[  127.787013]  [] proc_pid_stack+0x148/0x220
[  127.792782]  [] ? lock_trace+0xc0/0xc0
[  127.798212]  [] proc_single_show+0xfd/0x170
[  127.804161]  [] seq_read+0x4b6/0x12e0
[  127.809513]  [] ? seq_dentry+0x290/0x290
[  127.815112]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[  127.823580]  [] ? fsnotify+0x1100/0x1100
[  127.829179]  [] do_loop_readv_writev.part.18+0xd5/0x280
[  127.836085]  [] do_readv_writev+0x565/0x7a0
[  127.841946]  [] ? vfs_write+0x530/0x530
[  127.847457]  [] ? mark_held_locks+0xc7/0x130
[  127.853397]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[  127.860210]  [] ? mutex_lock_nested+0x596/0x870
[  127.866415]  [] ? __fdget_pos+0xac/0xd0
[  127.871924]  [] ? __fget+0x20a/0x3b0
[  127.877174]  [] ? mutex_trylock+0x3e0/0x3e0
[  127.883029]  [] ? __fget+0x231/0x3b0
[  127.888277]  [] ? __fget+0x47/0x3b0
[  127.893440]  [] vfs_readv+0x84/0xc0
[  127.898619]  [] do_readv+0xe6/0x260
[  127.903781]  [] ? vfs_readv+0xc0/0xc0
[  127.909118]  [] SyS_readv+0x27/0x30
[  127.914283]  [] ? rw_copy_check_uvector+0x330/0x330
[  127.920835]  [] do_syscall_64+0x1a6/0x490
[  127.926532]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.933439]
[  127.935040] The buggy address belongs to the page:
[  127.939948] page:ffffea000763e7c0 count:0 mapcount:0 mapping: (null) index:0x0
[  127.948183] flags: 0x8000000000000000()
[  127.952128] page dumped because: kasan: bad access detected
[  127.957806]
[  127.959402] Memory state around the buggy address:
[  127.964310]  ffff8801d8f9f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.971647]  ffff8801d8f9f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.978977] >ffff8801d8f9f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.986308]                                ^
[  127.990945]  ffff8801d8f9f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.998278]  ffff8801d8f9f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  128.005612] ==================================================================
[  128.012940] Disabling lock debugging due to kernel taint
[  128.018928] Kernel panic - not syncing: panic_on_warn set ...
[  128.018928]
[  128.026287] CPU: 0 PID: 25564 Comm: syz-executor0 Tainted: G B 4.9.96-g8c01d00 #8
[  128.035009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  128.044337]  ffff8801d7d0f6d0 ffffffff81eb0b69 ffffffff841c492d 00000000ffffffff
[  128.052328]  0000000000000000 0000000000000000 ffff8801d7d0f8a8 ffff8801d7d0f790
[  128.060321]  ffffffff8141f975 0000000041b58ab3 ffffffff841b8030 ffffffff8141f7b6
[  128.068310] Call Trace:
[  128.070874]  [] dump_stack+0xc1/0x128
[  128.076212]  [] panic+0x1bf/0x3bc
[  128.081199]  [] ? add_taint.cold.6+0x16/0x16
[  128.087142]  [] ? ___preempt_schedule+0x16/0x18
[  128.093351]  [] kasan_end_report+0x47/0x4f
[  128.099119]  [] kasan_report.cold.6+0x76/0x2fe
[  128.105242]  [] ? __unwind_start+0x37c/0x3c0
[  128.111185]  [] __asan_report_load8_noabort+0x14/0x20
[  128.117909]  [] __unwind_start+0x37c/0x3c0
[  128.123678]  [] ? ptrace_may_access+0x24/0x50
[  128.129708]  [] __save_stack_trace+0x59/0xf0
[  128.135650]  [] save_stack_trace_tsk+0x48/0x70
[  128.141856]  [] proc_pid_stack+0x148/0x220
[  128.147627]  [] ? lock_trace+0xc0/0xc0
[  128.153048]  [] proc_single_show+0xfd/0x170
[  128.158905]  [] seq_read+0x4b6/0x12e0
[  128.164245]  [] ? seq_dentry+0x290/0x290
[  128.169846]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[  128.178305]  [] ? fsnotify+0x1100/0x1100
[  128.183904]  [] do_loop_readv_writev.part.18+0xd5/0x280
[  128.190805]  [] do_readv_writev+0x565/0x7a0
[  128.196658]  [] ? vfs_write+0x530/0x530
[  128.202170]  [] ? mark_held_locks+0xc7/0x130
[  128.208115]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[  128.214928]  [] ? mutex_lock_nested+0x596/0x870
[  128.221132]  [] ? __fdget_pos+0xac/0xd0
[  128.226643]  [] ? __fget+0x20a/0x3b0
[  128.231900]  [] ? mutex_trylock+0x3e0/0x3e0
[  128.237758]  [] ? __fget+0x231/0x3b0
[  128.243007]  [] ? __fget+0x47/0x3b0
[  128.248171]  [] vfs_readv+0x84/0xc0
[  128.253332]  [] do_readv+0xe6/0x260
[  128.258491]  [] ? vfs_readv+0xc0/0xc0
[  128.263826]  [] SyS_readv+0x27/0x30
[  128.268990]  [] ? rw_copy_check_uvector+0x330/0x330
[  128.275542]  [] do_syscall_64+0x1a6/0x490
[  128.281226]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  128.288568] Dumping ftrace buffer:
[  128.292084]    (ftrace buffer empty)
[  128.295768] Kernel Offset: disabled
[  128.299368] Rebooting in 86400 seconds..
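What a triager pulls out of a report like the one above first: the bug class and the frame that did the bad access, the access itself, the task and the syscall it came in through (here readv on a /proc/<pid>/stack file, visible as proc_pid_stack under SyS_readv), and whether the shadow bytes KASAN printed still agree with the report. In this log the row under the caret is all 00, i.e. the address was addressable again by the time the report was printed, which is worth flagging before spending time on it. The parser below does that over a trimmed copy of this report. It is an added example, not syzkaller or kernel code: SAMPLE_LOG is constructed from the lines above, REPORTER_FRAMES is this example's own list of KASAN reporting frames to skip, and SHADOW_LEGEND reproduces the shadow byte values from 4.x-era mm/kasan/kasan.h.

```python
"""Triage helper for a KASAN report found in a serial-console log.

Added example for this page, not syzkaller/syzbot code: SAMPLE_LOG is constructed
from the report above (trimmed to what the parser uses), REPORTER_FRAMES is this
example's own heuristic, SHADOW_LEGEND values are from 4.x-era mm/kasan/kasan.h."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = """\
[  127.664399] ==================================================================
[  127.671830] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[  127.678208] Read of size 8 at addr ffff8801d8f9f820 by task syz-executor0/25564
[  127.687250] CPU: 0 PID: 25564 Comm: syz-executor0 Not tainted 4.9.96-g8c01d00 #8
[  127.728097] Call Trace:
[  127.730666]  [] dump_stack+0xc1/0x128
[  127.736018]  [] print_address_description+0x6c/0x234
[  127.742663]  [] kasan_report.cold.6+0x242/0x2fe
[  127.754837]  [] __asan_report_load8_noabort+0x14/0x20
[  127.761583]  [] __unwind_start+0x37c/0x3c0
[  127.767356]  [] ? ptrace_may_access+0x24/0x50
[  127.787013]  [] proc_pid_stack+0x148/0x220
[  127.909118]  [] SyS_readv+0x27/0x30
[  127.926532]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  127.959402] Memory state around the buggy address:
[  127.978977] >ffff8801d8f9f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  127.986308]                                ^
[  128.005612] ==================================================================
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?(.*)$")
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<sz>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
CPU = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted: .+?) (?P<ver>\d+\.\d+\.\S+) #\d+")
FRAME = re.compile(r"^\[[^\]]*\]\s+(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW = re.compile(r"^(?P<g>>?)(?P<row>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2})*)$")
SYS_PREFIX = re.compile(r"^(?:__x64_|__do_|__se_)?[sS]y[sS]_")
REPORTER_FRAMES = ("dump_stack", "print_address_description", "kasan_report", "__asan_report")  # KASAN's own frames
SHADOW_LEGEND = {0x00: "addressable", 0xff: "freed page", 0xfe: "kmalloc_large redzone", 0xfc: "slab object redzone",
                 0xfb: "freed slab object", 0xfa: "global redzone", 0xf1: "stack left redzone",
                 0xf2: "stack mid redzone", 0xf3: "stack right redzone", 0xf4: "stack partial redzone"}

@dataclass
class KasanReport:
    bug_type: str = ""
    bug_func: str = ""
    access: str = ""
    access_size: int = 0
    addr: Optional[int] = None
    task: str = ""
    pid: int = 0
    kernel: str = ""
    frames: List[str] = field(default_factory=list)      # reliable frames, innermost first
    unreliable: List[str] = field(default_factory=list)  # frames the unwinder printed with '?'
    shadow_at_addr: Optional[int] = None

    def fault_frame(self) -> Optional[str]:  # first real frame below KASAN's reporting machinery
        return next((s for s in self.frames if not s.startswith(REPORTER_FRAMES)), None)

    def syscall(self) -> Optional[str]:  # entry syscall, taken from the outermost sys_* frame
        return next((SYS_PREFIX.sub("", s) for s in reversed(self.frames) if SYS_PREFIX.match(s)), None)

    def shadow_meaning(self) -> str:
        v = self.shadow_at_addr
        if v is None:
            return "shadow row for the address not printed"
        return f"partially addressable ({v} bytes)" if 1 <= v <= 7 else SHADOW_LEGEND.get(v, f"unknown 0x{v:02x}")

    def shadow_agrees_with_report(self) -> bool:
        # An OOB/UAF report should land on a poisoned (non-zero) shadow byte. A zero byte means the
        # memory was addressable again by the time the report printed, i.e. the poisoning was transient.
        return self.shadow_at_addr not in (None, 0)

def parse_kasan_report(log: str) -> Optional[KasanReport]:
    """Return the first KASAN report in a console log, or None if there is none."""
    rep = None
    for raw in log.splitlines():
        m = TS.match(raw)
        line = (m.group(1) if m else raw).strip()  # drop the printk timestamp
        if rep is None:
            if (b := BUG.search(line)):
                rep = KasanReport(bug_type=b["kind"], bug_func=b["func"])
            continue
        if line.startswith("=" * 10):  # closing rule ends the report
            break
        if (a := ACCESS.search(line)):
            rep.access, rep.access_size, rep.addr = a["rw"], int(a["sz"]), int(a["addr"], 16)
            rep.task, rep.pid = a["comm"], int(a["pid"])
        elif (c := CPU.search(line)):
            rep.kernel = c["ver"]
        elif (f := FRAME.match(line)):
            (rep.unreliable if f["q"] else rep.frames).append(f["sym"])
        elif (s := SHADOW.match(line)) and s["g"] and rep.addr is not None:
            vals = [int(x, 16) for x in s["bytes"].split()]
            idx = (rep.addr - int(s["row"], 16)) // 8  # one shadow byte covers 8 bytes of memory
            rep.shadow_at_addr = vals[idx] if 0 <= idx < len(vals) else None
    return rep

def summarize(rep: KasanReport) -> str:
    verdict = "" if rep.shadow_agrees_with_report() else " (inconsistent with the report: transient poisoning?)"
    return (f"KASAN {rep.bug_type} in {rep.fault_frame()}: {rep.access} of {rep.access_size} bytes at "
            f"0x{rep.addr:x} by {rep.task}/{rep.pid} via {rep.syscall()}(2) on {rep.kernel}; "
            f"shadow at address: {rep.shadow_meaning()}{verdict}")
```

Calling parse_kasan_report(SAMPLE_LOG) and then summarize() on the result gives the one-line verdict for this report: the faulting frame is __unwind_start, the entry syscall is readv, ptrace_may_access is kept separately as an unreliable frame, and shadow_agrees_with_report() is False because the shadow byte covering ffff8801d8f9f820 is 00. Frames marked with '?' are kept out of fault_frame() and syscall() on purpose: the unwinder prints them when it cannot prove they are live return addresses.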